<?php
/**
 * [Nananzui System] Copyright (c) 2017 NANANZUI.COM
 * Author leo
 */
defined('IN_IA') or exit('Access Denied');
$openid = $_W['openid'];
$dos = array('basic', 'uc', 'mobile_exist');
$do = in_array($do, $dos) ? $do : 'basic';

$setting = uni_setting($_W['uniacid'], array('uc', 'passport'));
$uc_setting = $setting['uc'] ? $setting['uc'] : array();
$ltype = empty($setting['passport']['type']) ? 'hybird' : $setting['passport']['type'];
$audit = @intval($setting['passport']['audit']);
$item = !empty($setting['passport']['item']) ? $setting['passport']['item'] : 'random';
$type = trim($_GPC['type']) ? trim($_GPC['type']) : 'email';
$forward = url('mc');

if($do == 'mobile_exist') {
	if($_W['ispost'] && $_W['isajax']) {
		$is_exist = pdo_get('mc_members', array('uniacid' => $_W['uniacid'], 'mobile' => trim($_GPC['mobile'])));
		if (!empty($is_exist)) {
			message(error(1, ''), '', 'ajax');
		} else {
			message(error(2, ''), '', 'ajax');
		}
	}
}

if($do == 'basic') {
	if($_W['ispost']) {
		
		$username = trim($_GPC['username']);
		$password = trim($_GPC['password']);
		$mode = trim($_GPC['mode']);
		if (empty($username)) {
			$output = array('data'=>NULL, 'message'=>'用户名不能为空', 'code'=>-401);
			exit(json_encode($output));
		}
		if (empty($password)) {
			if ($mode == 'code') {
				$output = array('data'=>NULL, 'message'=>'验证码不能为空', 'code'=>-401);
				exit(json_encode($output));
			} else {
				$output = array('data'=>NULL, 'message'=>'密码不能为空', 'code'=>-401);
				exit(json_encode($output));
			}
		}
		if ($mode == 'code') {
			load()->model('utility');
			if (!code_verify($_W['uniacid'], $username, $password)) {
				$output = array('data'=>NULL, 'message'=>'验证码错误', 'code'=>-401);
				exit(json_encode($output));
			} else {
				pdo_delete('uni_verifycode', array('receiver' => $username));
			}
		}
		$sql = 'SELECT `uid`,`salt`,`password` FROM ' . tablename('mc_members') . ' WHERE `uniacid`=:uniacid';
		$pars = array();
		$pars[':uniacid'] = $_W['uniacid'];
		if ($item == 'mobile') {
			if (preg_match(REGULAR_MOBILE, $username)) {
				$sql .= ' AND `mobile`=:mobile';
				$pars[':mobile'] = $username;
			} else {
				$output = array('data'=>NULL, 'message'=>'请输入正确的手机', 'code'=>-401);
				exit(json_encode($output));
			}
		} elseif ($item == 'email') {
			if (preg_match(REGULAR_EMAIL, $username)) {
				$sql .= ' AND `email`=:email';
				$pars[':email'] = $username;
			} else {
				$output = array('data'=>NULL, 'message'=>'请输入正确的邮箱', 'code'=>-401);
				exit(json_encode($output));;
			}
		} else {
			if (preg_match(REGULAR_MOBILE, $username)) {
				$sql .= ' AND `mobile`=:mobile';
				$pars[':mobile'] = $username;
			} else {
				$sql .= ' AND `email`=:email';
				$pars[':email'] = $username;
			}
		}
		
		$user = pdo_fetch($sql, $pars);
		$hash = md5($password . $user['salt'] . $_W['config']['setting']['authkey']);
		if ($user['password'] != $hash) {
			$output = array('data'=>NULL, 'message'=>'密码错误', 'code'=>-401);
			exit(json_encode($output));;
		}


		if (!empty($user) && !empty($user['uid'])) {
			$sql = 'SELECT `uid`,`realname`,`mobile`,`email`,`groupid`,`credit1`,`credit2`,`credit6` FROM ' . tablename('mc_members') . ' WHERE `uid`=:uid AND `uniacid`=:uniacid';
			$member = pdo_fetch($sql, array(':uid' => $user['uid'], ':uniacid' => $_W['uniacid']));
			if (!empty($member) && (!empty($member['mobile']) || !empty($member['email']))) {
				$data = $member;
				$output = array('data'=>$data, 'message'=>'登录成功', 'code'=>200);
				exit(json_encode($output));
			}

		}

		


		/*if (_mc_login($user)) {
			$test = _mc_login($user);
			print_r($test);
			$error = '0';
			$output = array('data'=>$test, 'message'=>'登录成功', 'code'=>200);
			exit(json_encode($output));;
		}*/
		//$message = '未知错误导致登陆失败';

		//$result['error'] = $error;
		//$result['message'] = $message;
		//die(json_encode($result));
	}
}
